Tigera has announced the general availability of its new container security features, including malware protection during runtime, Image Assurance with container image scanning, runtime visibility of vulnerable workloads and admission control policies.
With the availability of these features in Calico Cloud, customers have a single container security solution to improve security posture, reduce attack surface with fine-grained security controls, and provide threat defense from threats. By identifying potential vulnerabilities in the build phase of the CI/CD pipeline, users can ultimately leverage a shift-left approach to security.
Cloud-native application developers need access to safe and secure container images to build applications, and there are numerous vulnerabilities in public or private images and registries that need to be scanned regularly for security issues and non-compliant configurations.
Calico Cloud now allows users to scan container images locally when needed, and export the results to share with stakeholders to improve their security posture. Also, customers can achieve high compliance standards and reduce the risk of deploying vulnerable images with admission policy controls that automatically block the deployment of failed images within their CI/CD pipeline.
A runtime view of high-risk workloads correlating with the image scan results allows teams to prioritize remediation plans for existing workloads. Using Calico’s security policies, these workloads can be isolated from the rest of the application giving development teams more time to fix the issues, thereby alleviating their burden.
For protecting containers and workloads from unknown threats and zero-day attacks, Calico Cloud offers runtime threat defense with malware protection and anomaly detection. Using a combination of machine learning and proprietary rulesets, Calico’s malware detection engine can identify suspicious activity in containers and workloads. Users can quickly build a security policy to quarantine and isolate the affected workload while developers work on mitigating the security issue.